Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy
Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why? Because many organizations don't inspect their cloud SSL traffic for malware, and the same cloud functionalities that dramatically increase productivity (sync, share, collaborate, etc.) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets.
Join Netskope chief evangelist, Bob Gilbert, and Threat Detection Engineer, Sean Hittel, for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight, and do more damage in less time.
Bob and Sean will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and how to defend against them. These include:
• Virlock, which encrypts files and also infects them, making it a polymorphic file infector
• CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities
• CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data
• The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL
Encryption and terms like "BYOK" have surged to the forefront of cloud service discussions. Both security and compliance stakeholders express great interest in encryption and its apparent promises. However, the expectations built upon encryption and control of encryption keys are often founded on assumptions that fail under scrutiny. In this session we will examine the top myths of cloud encryption and look at factors that have contributed to the growing misperceptions. We will also examine regulatory and legal pressures that impact encryption in this fascinating and evolving area of cloud services and data privacy.
- The fact and fiction in myths about cloud encryption
- The importance of thinking of encryption within legal frameworks
- How to spot encryption snake oil
Jadee Hanson, Director of Security at Code42, provides a behind-the-scenes look at what it's really like to run an insider threat program -- a program in which you can take steps to prevent employees from leaking, exfiltrating, and exposing company information. This webinar will provide cloud security professionals with insider threat examples (and why you should care), recommendations for how to get buy-in from key stakeholders, and lessons learned from someone who has experienced it firsthand.
About the speaker:
Jadee Hanson, CISSP, CISA, is a security professional with more than 13 years of experience. Jadee’s passion for security was born out of a computer science internship and developed into a profession with her first role at Deloitte. After 5 years and a lot of travel, Jadee’s consulting experience led her to Target Corp. where she spent 8 years on its security team, building many of the security programs and functions that exist today. Currently, Jadee is the Director of Security at Code42. In addition to her day job, Jadee is also the founder and CEO of a nonprofit, Building Without Borders.
Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation, including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various open-source materials and methods that can be used to address each of those challenges.
About the speaker:
Peleus Uhley has been a part of the security industry for more than 15 years. As the Lead Security Strategist at Adobe, he assists the company with proactive and reactive security. Prior to joining Adobe, Peleus was a senior developer at Anonymizer, and a security consultant for @stake and Symantec.
Today's organizations face complex challenges as a result of exponential data growth and rapidly evolving cyberthreats. Furthermore, as companies move to cloud, it's inevitable that technologies will need to be replaced -- and what may have worked five years ago is no longer a viable solution for today's mobile workforce.
In this session, you'll hear from IT professionals at F5 Networks and Harvard University, as well as a Code42 expert as they discuss:
- Why all endpoint backup isn't created equal
- How outdated or insufficient backup solutions leave you with gaps that put user data at risk
- What technical capabilities you should look for in your next backup solution
About the speakers:
Aimee Simpson is a Solutions Marketing Manager at Code42 where she helps internal audiences understand what’s happening in the category and influences product decisions through customer and market research. She has always worked in the technology industry, having launched her career at the data storage company Compellent Technologies.
Shawn Donovan is a Windows System Engineer at F5 Networks where he works with a variety of Microsoft enterprise technologies as well as other products such as Cisco Ironport and Code42 backup solution.
Kurt Levitan is a Technical Architect at Harvard University where he is responsible for designing and implementing technology solutions, and leading a team of system administrators who provide endpoint management services for the university.
Though one of the most mature industries in cybersecurity, the Financial Services industry has seen some of the largest explosions of innovation and technology. While startups and innovators are focused on speed to market and leveraging cloud infrastructure and cloud platforms as a service, the need for security in financial technologies is paramount.
In this session, Miguel Ramos will use case studies and his experience to outline key steps that can be taken to secure financial technology innovators, and explain how traditional, cloud and potentially even blockchain technologies can be used by corporations to ensure the security they need to drive business forward.
Data security has a tendency to be intimidating for organizations, users and implementers. Organizations see the value but also the challenges of applying a data security solution. Wouldn’t it be great if there were solutions that took the guesswork out of data protection and key management?
In today’s data-driven environment, there are strategies and technologies to protect data that do not have to be the high-risk propositions feared by organizations, users and implementers (IT professionals). By thinking of data security and key management as data protection enablers instead of obstacles, you can easily protect data across the infrastructure and beyond. Data security and key management need to interact with the data and the users in a seamless way that doesn’t disrupt their processes or destroy the characteristics of the data.
During this webcast we will discuss some of the findings from the CSA Security Guidance v4 report and how data-centric security can help mitigate and manage many of the risks. Think of security as an enabler instead of an obstacle for cloud adoption.
It’s become clear that organizations need to overcome the challenges of securing hybrid enterprises. Hybrid IT spans platforms, tenancy and locations, which when using traditional solutions often results in a fractured security architecture without a centralized single policy, view or enforcement point. With this shift to hybrid, organizations need to embrace CSA’s Software-Defined Perimeter (SDP) specification to enable a new, transformational approach. Using SDP results in precise network security, automated network policies, reduced compliance effort and reduced attack surface.
In this session, we’ll summarize the progress that’s been made with the CSA’s Software-Defined Perimeter (SDP) specification over the past two years, and show how and why an SDP approach enables organizations to overcome the challenges of securing hybrid environments. We’ll conclude this session with a case study, showing real-world benefits achieved by enterprises that have deployed an SDP architecture.
It's becoming impossible for cyber security to keep up with paradigm-changing technological advancements which provide fertile new hunting ground for the more sophisticated cyber-criminals. You can't enumerate all possible attacks while calculating probabilities and impacts for each. We need to narrow things down. But when we reach for data, we drown in reports, dashboards, and alerts. We don't need more undigested data. We need answers. Enter threat intelligence. Useful threat intelligence is not data feeds of indicators without context, but interpretation that boils things down to provide recommendations so you can operate safely in the new Internet age. Threat intelligence demystifies the swarm of noise and connects the dots into threads that demystify what is really going on. We'll look at what good, actionable threat intelligence looks like and how you can use it to neutralize potential attacks before they strike. We'll look deeper at the threats against and originating from cloud platforms.
Join this in-depth interview at RSA Conference with John DiMaria, Global Product Champion for Information Security & Business Continuity at BSI Group.
Viewers will learn John's insights around:
- Preparing for GDPR
- Challenges for the new U.S. administration
- Protecting our critical infrastructure
- Protecting the IoT: personal accountability, product certifications, regulation
- The threat landscape
- The importance of security awareness training
Defending against human ingenuity demands a new way of thinking. With countless dollars spent and infinite alerts you still don’t have a true picture of what is going on. So when a breach happens, can you answer THE question: “How bad is it?” The inability to do so is what RSA calls the “gap of grief.” To answer, you must connect your security strategy and business risks.
RSA’s cybersecurity expert, Peter Beardmore, will provide perspective on this important issue during this pointed webcast designed to help security leaders:
- Learn how to garner the right visibility, in the right context to defend what matters most – and fast;
- Discover the 6 steps to take command of your evolving security posture in this uncertain, high risk world; and,
- Find out what it takes to link your security strategy with your business priorities.